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Features: (USB Server) 

* RaspAP (Wireless Access Point Hotspot) 

* Cups & AirPrint (USB Print Server) 

* Samba ( File Server & Windows Printing) 

* Log2Ram (Save your USB or SD by logging to Ram) 

* UFW (Raspberry Preferred Firewall ) 

* CCTV (Webcam Monitor and Notifications) 

* SMTP (MSMTP and MUTT Email Notifications) 

* Pi-Hole (DNS Blackhole for Adverts and Telemetry and other nasty stuff) 

* Unbound (Local DNS Server) 

* Anti-Virus (ClamAV scanning and notifications) 

* Wifi Off (Switch off the WiFi at times Green Anti-EMF) 

* Backups (Backup the Samba shared files to Google Drive) 

* Disaster Recovery of the USB (Clone the USB to another) 

* File Monitoring (Create Notifications when Samba Shares are getting full) 
* Auto System Reboots (Set how often and when the system reboots) 

* Health Reports (Collection of Reports places in the samba share and emailed) 


BONUS MATERIAL AT BOTTOM INSTALL KODI, WEBSERVER and SEE YOUR CCTV ON KODI! + REMOTE 


SETTING UP THE COMPUTER AND A USB PEN DRIVE 


Datatlraveler® 
G4 





Requirements: 

* 1 old computer with network port and is able to boot from USB (I used a Dell Wyse 7010) 

* Wireless USB CARD or built in if supported (| used a RT5370 USB) 

* Network Cable (Plugged from the PC to the back of your Internet Router) 

* DVI/VGA to TV\Monitor Connection 

* Keyboard and Mouse 

* USB Memory Stick x2 (Il used a Kingston Data Traveler G4 32GB ) you can use a HDD or SDD 
* 2GB Memory (minimal) 





1. First Download and install Rufus Portable (Currently 3.13) 
https://rufus.ie 


2. Unpack the ZIP file into in to a folder e.g. C:\Software\Rutus\ 


3. Download Raspberry Pi Desktop OS ISO (Debian Buster / Raspberry Pi Desktop ) 
https://www.raspberrypi.org/software/raspberry-pi-deskto 


4. Plug in your USB and start RUFUS 
5. Select your USB drive in RUFUS 


6. Select the ISO Raspberry Buster Desktop 


7. Select Persistent Partition Size 
On the slider set 66% of USB drive size 
8. Set the Partition Scheme to MBR if not already selected 


9. Leave all other settings as default 


10. WARNING: THIS WILL DESTROY ALL DATA ON THE SELECTED DRIVE 
Press Start 


11. Have a coffee and wait for it to finish (takes some time) 


a 


Drive Properties 
Device 
Linux Mint 19.3 Cinnamen 32-bit (F:) [32 GB] 
Boot selection 
2021-01-11-raspios-buster-i386.iso ~Y) 
Persistent partition size 
GB 
Partition scheme Target system 


MBR BIOS or UEFI 


v 


Format Options 
Volume label 
Debian RPD M-A 1 


File system Cluster size 


FAT32 (Default) 16 kilobytes (Default) 


v 


Status 


© oO = TART CANCEL 


Using image: 2021-01-11-raspios-buster-i386.iso 


Finished 





1. Plugin the following to the computer 
* Keyboard and Mouse 
* The DVI \ VGA cable into the Monitor 
* The Network Cable 
* The Webcam 
* The Printer USB Cable 
* The Wireless USB Dongle 
* The USB Dongle with the Raspberry Pi Buster system Installed 


2. When your computer boots make sure the computer BOOT ORDER is set to boot from the USB 
and make sure the LAST STATE is set in case of power outages in the Computer Bios. 


3. Once your computer has booted you should be greeted by the Raspberry Pi Desktop screen, 
Please note the IP <ADDRESS> shown at the bottom right of the setup screen 


4. Click NEXT 
5. Select your REGION, LANUAGE and TIME ZONE 
6. Make sure to CLICK the OPTION “Use English Language” 


7. Click NEXT 


8. The OS will now save your settings for a second 


9. You are now asked to change the password 
(No need to change the password now, it’s up to you) 


10. Click SKIP 


11. You will be asked to “SELECT WIFI NETWORK” 
(Do not setup the WiFl network, there is no need, we do this later and work with eth network) 
If you are not going to use the ETH connector and want WIFI and skip a few things then ok set it) 


12. Click SKIP 


13. You will now be asked to “UPDATE THE SOFTWARE” 
(This can take very long and we will be doing this later) 


14. Click SKIP 


15. Click DONE 


16. Next click on the Raspberry Desk Menu (This is the Raspberry on the top left corner of desktop) 


Select -> Preferences 
Select -> Raspberry Pi Configuration 


Wy sens 
v 
su. Games > 
a Accessories > 
a & 
WA Preferences > le Appearance Settings 
oe? Run & J Audio Device Settings 
Y Main Menu Editor 
fl Shutdowr s 


FAM 


Mouse and Keyboard Settings 


Raspberry Pi Configuration [ 


17. On the SYSTEM tab click 


_ Raspberry Pi Connguration 











Interfaces | Performance | Localisation | 

















Filesystem: Expand Filesystem | 

Password: Change Password... 

Hostname: | raspberrypi 

Boot: ‘) To Desktop © To CLI 

Auto Login: ¥ Login as user ‘pi’ 

Overscan: \ Enabled ‘*) Disabled 

Rastrack: Add to Rastrack... 
Cancel | OK 


Boot -> To CLI 
Auto Login -> DISABLED 


18. On the INTERFACES tab click 
SSH -> ENABLED 


Click OK (at the bottom) 


Continue to the next page 


Now we need to FIX (WORK AROUND) a SSH Problem with the USB Stick 

For some reason or permissions or certificate we need to lower the security. 

Note this is a work around and should not be used over the internet 
https://askubuntu.com/questions/204400/ssh-public-key-no-supported-authentication-methods- 





available-server-sent-publ 





PuTTY Fatal Error x 


No supported authentication methods available (server sent: 
publickey) 





Open the TERMINAL on the RASPBERRY PI DESKTOP 





1. We need to edit the sshd_config file 
sudo nano /etc/ssh/sshd_config 


2. Change the follow lines from "no" to "yes" in this file 





3. to SAVE press CTRL + X -> Y -> ENTER key 

4. Next we want to reboot the system, Click the Raspberry Desktop Menu 
Select -> SHUTDOWN 
Click -> REBOOT 


Finished 


aa 


SSH with Putty & Fix (Your first remote login) 


Resources Guides: 
https://www.howtogeek.com/311287/how-to-connect-to-an-ssh-server-from-windows-macos-or-linux 





Notes: 
From a Linux Terminal = ssh username@ssh.server.com or ssh pi@192.168.0.6 
Port 22 is used for SSH 


Download and install Putty to your Windows PC 
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html 


After Putty is installed -> OPEN Putty 















fee PuTTY Configuration ? ms 
Category: eee 
El Session | Basic options for your PulTY session 
be Logging Specify the destination you want to connect to 
—&) Tenninal 
Be Keyboard Host Name (or IP address) Port 
i ks Features Connection type: 
I. Window (Raw (©) Telnet C)Rlogin @)SSH (€) Serial 
hie Load, save or delete a stored session 
=~ Behaviour 
-~ Translation Saved Sessions 
| fl Selection 
i i Colours “ee ae ears 
Default Settings 
EI Connection Pi-Hole Bae 
~~ Data RaspAP Saun 
ee Proncy 
ae Telnet Delete 
Sas Rlogin | 
+)-5SH 
~ — Close window on exit: ” 
(Always () Never (@) Only on clean exit 
L 
tod = 


1. Enter the IP Address you recorded when you installed the system into Putty and set Port 22 and 
click OPEN 

2. You will be prompted for a PUTTY Security Alert, this is the certificate. CLICK YES 

3. Enter the LOGIN AS Username = pi 

4. Enter the Password = raspberry 


If you can’t get or remember the Ip Address DHCP assigned to your computer, go back to your 


computer and type in ifconfig 
This will show you ethO and the IP address assigned to your computer. 


SETTING UP A STATIC IP OR DHCP IP ROUTER RESERVATION 


Resources Guides: 
https://www.raspberrypi.org/documentation/linux/usage/commands.md 
Notes: See end of book for wifi setup 

passwd (Command to change passwords) 


If you intend to install RaspAP (Wireless Access Point) its recommended to do a DHCP Router IP 
Reservation on your Internet Router with DHCP. RaspAP will remove the Static IP, | do Both in my setup 


1. Edit the following file to change to a static IP 
sudo nano /etc/dhcpcd.conf 


2. Remove the # and enter your desired IP setup. If you wish to leave it as DHCP do nothing 


Below is an example yours only needs remove the # and set the IP leave the rest 





3. Save your changes CTRL X -> Y -> ENTER 


4. Reboot your system 
sudo reboot 


Entering a DHCP Reservation on your Internet Router 


1. Login to your Internet Router via a Web Browser, Depending on the IP e.g. http://192.168.0.1 


2. Find the DHCP CLIENT LIST and ADD YOUR SYSTEM MAC ADDRES and IP ADDRESS and HOST 
NAME and APPLY or SAFE the CHANES 





Basic Setup WAN Setup LAN Setup Wireless 2.4GHz Wireless 5 GHz Firewall Utilities 


Client List 


LAN SETTINGS This page shows the host Name, IP address. and MAC Address of each computer that is connected to your network. If a computer does 





not have a specified host name, then the host Name field will be blank. Click the Add button to create a new fixed client lease. Select a 
LAN SETTINGS (IPV6) 
client and then click the Delete button to delete the client lease. Click the Refresh button to update the Clients list 


CUENT LIST 
PORTS 
Reserved IP Client List 
Name IP Address Mac Address Status 
()  RaspAP 192.168.0.11 00-80:64:E2:07:1B Online 
Add 
Attached Client List 
IP Address Name Mac Address Type Expiration 


Finished 





re 
E 








Changing 





1. To change your hostname on your Computer type raspi-config 
sudo raspi-config 


2. Select 1. System Option 





EP pi@raspberrypi: ~ = O x 


Raspberry Pi Software Configuration Tool (raspi-config) 


nf4omre 


pt - = f j Tran 


Display Option Configure display settings 

Interface Options Configure connections to peripherals 
Localisation Options Configure language and regional settings 
Advanced Options Configure advanced settings 

Update Update this tool to the latest version 
About raspi-config Information about this configuration tool 


wowaoannw ng 


<Select> <Finish> 





3. Select S4 Hostname 


EP pi@raspberrypi: ~ = O x 


Raspberry Pi Software Configuration Tool (raspi-config) 


S1 Wireless LAN Enter SSID and passphrase 


53 Password Change password for the 'pi' user 


Wrnetrname Saf Name Far thie “mrmitt< - motnio yi 
S4 stname e =i nn ee t 13s "“OmMmputer © = — ope 


SS Boot / Auto Login Select boot into desktop or to command line 
S6 Network at Boot Select wait for network connection on boot 


<Select> <Back> 








4. Enter OK 


5. Enter the new hostname “RaspAP” 


ge pi@raspberrypi: ~ = O x 


Please enter a hostname 


<Canceli> 





6. TAB ENTER -> OK 
7. TAB ENTER -> FINISH 


8. Would you like to reboot TAB ENTER -> YES 





ep pi@raspberrypi: ~ — Oo x 


Would you like to reboot now? 





9. Your system will reboot and you will have a new HOSTNAME 


Finished 


CREATE A FILE IN ia Pi oo FOLDER 


—_a 






































1. You can enter the command hostname to see the computer hostname 
hostname 


2. To change directory to your home folder use Shome (aka /home/pi) 
cd Shome 


3. You can use nano editor and make a file in your home directory 
In this case <computername> -> RaspAP 
sudo nano /home/pi/<computername> 


# To save the file enter 
CTRL X -> y -> ENTER 


4. You can also use touch to create a empty file 
touch /home/pi/<computername> 


5. To see files in directories use the Is (Dos is DIR) 
Is 

or 

Is -al 


=P pi@RaspAP: ~ = CO x 





Finished 


UPDATE & UPGRADE YOUR SYSTEM 


et | ~~ 





(This could take a long time) 


Before we continue we need to update and upgrade the system 


1. First we update the system 
sudo apt-get update 


gf pi@RaspAP: ~ = O x 





L115 * =>", x = —t = P=) aie if Go ii = uo qiiu =") 2 —aeeee 21 - TT), ee © 2 ee) a © 


2. Next we upgrade the system (This may take a very long time) 
sudo apt-get upgrade 


=P pi@RaspAP: ~ = O x 








3. When done please reboot 
sudo reboot 


SETUP A REBOOT SCHEDULE 


Resources Guides: 


Notes: 
This will allow us to keep the system in prime condition once a week 
You can use @daily for everyday in the crontab 


1. Run the following command to edit the crontab 
lf asked what editor to use select NANO 
sudo crontab -u pi -e 


2. Enter the following line right at the bottom of the file 





3.Save your changes 


4. Restart the CronTab service 
Sudo service cron restart 


5. When completed press CTRL X to save and enter Y for yes when prompted and hit ENTER to commit 





Finished 


LOGZRAM 
This will save some space, speed up things and give the SD, USB longer health 


Resources Guides: 
https://pimylifeup.com/raspberry-pi-log2ram 


Notes: /var/hdd.log #location of backup logs 


1. Open your terminal console or SSH and change DIR to SHOME 
cd /home/pi or cd Shome 


2. Its recommended to have rsync installed (This may already be installed) 


sudo apt install rsync 


3. Download LOG2RAM 
weet https://github.com/azlux/log2ram/archive/master.tar.gz -O log2ram.tar.gz 


4. Extract the files in log to ram 
tar xf /home/pi/log2ram.tar.gz 


5. Change folder to log2ram-master 
cd /home/pi/log2ram-master 


6. Make the installer executable if not already (Looks GREEN=OK Executable) 


sudo chmod +x install.sh 


7. Run the installer 
sudo ./install.sh 


8. Change the configuration from SIZE=40M to SIZE=128M 
sudo nano /etc/log2ram.conf 





9. Reboot for effect to take place 
sudo reboot 


10. OPTIONAL: Check to see if the log file is running and there should also be a new mount 
df -h 
mount 


UFW (Uncomplicated Fire Wall) 


Resources Guides: 
https://pimylifeup.com/raspberry-pi-ufw 
https://en.wikipedia.org/wiki/Uncomplicated Firewall 


Notes: 

# Limits = sudo ufw limit 22 

# Show Added = sudo ufw show added 

# sudo ufw allow ssh or sudo ufw allow 22/tcp 
# Port Ranges = sudo ufw allow 1000:2000/tcp 
# |PAddress = sudo ufw allow from 192.168.255.255 
# Deny = sudo ufw deny 80/tcp 

# sudo ufw delete allow ssh 

# sudo ufw status numbered 

# sudo ufw delete [number] 

# sudo ufw disable 

# sudo ufw reset 


To see what ports are currently used run the command netstat -natp 
sudo netstat -natp 


1. First install the firewall 
sudo apt install ufw 


rh 


Ti 





2. Run each command to add an open Port ALLOW, skips ones you don’t need 


sudo ufw allow 445 
sudo ufw allow 137 
sudo ufw allow 138 
sudo ufw allow 139 
sudo ufw allow 80 
sudo ufw allow 53 
sudo ufw allow 22 
sudo ufw allow 631 
sudo ufw allow 25 
sudo ufw allow 123 
sudo ufw allow 67 
sudo ufw allow 68 
sudo ufw allow 1194 
sudo ufw allow 443 
sudo ufw allow 465 
sudo ufw allow 2020 
sudo ufw allow 8080 
sudo ufw allow 8081 
sudo ufw allow 8082 
sudo ufw allow 587 
sudo ufw allow 4711 
sudo ufw allow 5335 
sudo ufw allow 9100 


sudo ufw allow 58000:60000/tcp 
sudo ufw allow 53682 


# SAMBA 
# SAMBA 

# SAMBA 

# SAMBA 

# Webserver 

# DNS 

# SSH 

# CUPS PRINTER 

# SMTP 

# Time Services ???? 

# DHCP 

# DHCP 

# OpenVPN 

# OpenVPN / HTTPS 

# SMTPS 

# (Use only if you are using Raspberry Cast) 
# (CCTV Webcam Monitor) 

# (CCTV Webcam Monitor) 

# (Wifi RasoAP Admin Page after changing from 80) 


# Unbound 
# Printing 
# Unbound 
# RClone 


3. Enable the Firewall and check its status 


sudo ufw enable 
sudo ufw status 











SETUP mSMTP MAILER TO SEND NOTIFICATIONS 


Resources Guides: 





https://wiki.debian.org/msmt 
https://marlam.de/msmtp/msmtp.html 
https://manpages.debian.org/testing/msmtp/msmtp.1.en.html 
https://www.computerhope.com/unix/umailx.htm 
https://www.binarytides.com/linux-mailx-command 


Notes: 

Subject: is the subject of the mail and after \r\n\r\n is the mail's main messages 
—debug is the output log of the sending mail 

—from=default is which account used for sending the mail 

-t username[at]gmail.com is the destination address 


1. Create anew Gmail account for sending mails (Make sure it has a good secure password) 


2. Open Gmail Account Settings 


3. Under Security Enable the option "Access for less secure apps" switch on 


Google Account Q 
——— Poland - Feb 15 


© Home 


= . 
z=| Personal info 


@> Finda lost device 


Manage devices 





C® Data & personalization 
a Security 
2) People & sharing Less secure app access 
Your account is vulnerable because you allow apps and devices that 
Fj Payments & subscriptions use less secure sign-in technology to access your account. To keep 
your account secure, Google will automatically turn this setting OFF if 
it's not being used. 
G) About 
@ om 


Turn off access (recommended) 


4. Install the smtp service on your device with the following command 
sudo apt-get install msmtp ca-certificates 


5. Create the file msmtprc 
sudo touch /etc/msmtprc 


6. Next we edit the file and enter the settings below. 
Note: Change only the user - email and password to your own Gmail account 
sudo nano /etc/msmtprc 





7. Change the file permissions with the command below 
sudo chmod -R 0777 /etc/msmtprc 


8. Create the log file and set its permissions 
sudo touch /var/log/msmtp.log 

sudo chmod -R 0777 /var/log/msmtp.log 
sudo chegrp pi /var/log/msmtp.log 


9. Doatest email and only change the email address at the end to your personal email to send 
echo -e "Subject: Test Mail\r\n\r\nThis is a test mail" | msmtp --debug --from=default -t 


username@gmail.com 


10. Install a email client for attachments called Mutt (for file attachments) 
cd Shome 
sudo apt-get install mutt 


OPTIONAL TO DO: THE PASSWORD FILE NEEDS ENCRYPTION TO HIDE THE 
PASSWORD IN THE FILE 


11. Edit Mutt config file 
sudo nano ~/.muttrc 





Save your changes 


12. Set the permissions 
sudo chmod o+rwx /home/pi/.muttrc 


13. Test Mutt by sending an email with attachment (Note permissions of attachments to send) 


echo "Some log event" > message.txt 
echo "This is an email body" | /usr/bin/mutt -a message.txt -s "Email Subject" -- 


recipient@gmail.com 





Finished 


SETTING UP PRINTING WITH CUPS & SAMBA 


Resources Guides: 
https://circuitdigest.com/microcontroller-projects/raspberry-pi-print-server 
https://www.tomshardware.com/how-to/raspberry-pi-print-server 
https://raspberrytips.com/install-printer-raspberry-pl 
https://www.cups.org/blog/2005-05-10-how-to-restrict-disk-memory-and-cpu-usage. html 








https://wiki.debian.org/CUPSDriverlessPrintin 


Notes: 
Make sure your printer is ON and connected to a USB Port 


1. Install CUPS with the following command (This may already be installed) 


sudo apt-get install cups 


2. After the install we need to edit the cupsd.conf file 
sudo nano /etc/cups/cupsd.conf 








3. Next we need to restart the CUPS Service 
sudo service cups restart 


4. Wenow add the pi user to the lpadmin 
sudo usermod -a -G lpadmin pi 


5. Configure CUPS so it available over the network 
sudo cupsctl --remote-any 


6. Restart CUPS 
7. sudo service cups restart 


8. We need to do atest to see if its working, open your web browser and enter the URL below 
If you are not sure what your IP is type in and look under ethO 


Note: At this stage you should have a working printer but we continue to setup 
ifconfig 


http://192.168.0.2:631 


< CGC A Notsecure | 192.168.0.2:631/admin/ 


Oe) Relremmmaeuicm Administration BQ EC  iiie a(-)\o mmm le)e\- imme afin) les 


Administration 


Printers Server 








| Add Printer || Find New Printers || Manage Printers 





| Edit Configuration File || View Access Log || View Error Log || View Page Log 





Server Settings: 


Classes Advanced > 


Share printers connected to this system 
Allow printing from the Internet 
_} Allow remote administration 
|_| Use Kerberos authentication (FAQ) 
Jobs _) Allow users to cancel any job (not just their own) 
|) Save debugging information for troubleshooting 





| Add Class I Manage Classes | 





| Manage Jobs | 





| Change Settings | 





Next we install Samba for windows printers to work and later for a file server 
sudo apt-get install samba samba-common-bin 


. You will be asked if you want to use WINS from the DCHP 


Select Enter on YES 


. Reboot the computer 


sudo reboot 


. Next we need to edit the smb.conf file and edit the selection below 
sudo nano /etc/samba/smb.conf 





Save your changes 


13. 


Restart the samba services 
sudo service smbd restart 


. Open CUPS printer URL page again to add a printer 


http://192.168.0.2:631 


Click on Administrator Tab 
Click on Add Printer 


You should now get an error UPGRADE REQUIRED 
This is due to no SSL on the page 


15. Open the page not allowed 


by 


Your connection is not private 





Attackers might be trying to steal your information from 192.168.0.2 (for example, 
passwords, messages or credit cards). Learn more 





NET::ERR_CERT_AUTHORIT Y_INVALID 


Q To get Chrome'’s highest level of security, turn on enhanced protection 


Hide advanced Back to safety 


This server could not prove that it is 192.168.0.2; its security certificate is not trusted by 





your computer's operating system. This may be caused by a misconfiguration or an 
attacker intercepting your connection. 


Proceed to 192.168.0.2 (unsafe) 





16. Next we add a printer 
You will be asked to enter your pi user and password raspberry 


17. Your USB printer should be detected automatically under local printers 
Select your printer 


€ CA Notsecure | 192.168.0.2:631/admin/ 


CCl kelemmmaeiicm Administration BR@ESS- SiN s[-)|emmmetle)e\-mmm acela)ie) 
Add Printer 


Add Printer 





Local Printers: (©) CUPS-BRF (Virtual Braille BRF Printer) 
@ HP LaserJet 1010 USB OOCNFJ389794 HPLIP (HP LaserJet 1010) 
© HP LaserJet 1010 (HP LaserJet 1010) 
© HP Fax (HPLIP) 
Discovered Network Printers: 


Other Network Printers: © Backend Error Handler 
© Internet Printing Protocol (ipp) 
© Internet Printing Protocol (https) 
© Internet Printing Protocol (http) 
© Internet Printing Protocol (ipps) 
© AppSocket/HP JetDirect 
-» LPD/LPR Host or Printer 


| Continue | 


18. Select all the defaults and click Share This Printer 


¢ CA Notsecure | 192.168.0.2:631/admin 


Cl ecmetemmmmeiicm Administration PRG - aie a [-)|eemmnN 0) owe ea pln) (cle 
Add Printer 


Add Printer 





Name: |p Laserget 1010 
(May contain any printable characters except "/","#", and space) 
Description: |#> Laserget 1010 
(Human-readable description such as "HP LaserJet with Duplexer”) 




















Location: 





(Human-readable location such as “Lab 1") 
Connection: hp:/usb/hp_LaserJet_1010?serial=OOCNFJ389794|HP LaserJet 1010 
Sharing: & Share This Printer 


| Continue | 


19. You can manage the printer under Printers when you click on your printer 


& CA Notsecure | 192.168.0.2:631/printers/ * OH ® A] 
Printers 
Search in Printers: | | Search | Clear | 








Showing 1 of 1 printer. 


Queue Name Description Location Make and Model Status 
hp-LaserJet-1010 Hewlett-Packard hp LaserJet 1010 RaspAP HP LaserJet 1010, hpcups 3.18.12 Idle 


20. Run the following command to fix a print problem with hanging and reboot 
lpadmin -p PRINTERNAME -o usb-no-reattach-default=true 


Sudo Reboot 





Finished 


SETUP HPJETDIRECT PORT 9100 PRINTING 


Resources Guides: 
https://juur.link/2019/01/convert-usb-printer-to-network-printer 


Notes: sudo lpadmin -p HP_LaserJet_1010 -E -v socket://192.168.0.2:9100 
| thought | would add this, because everyone is always looking for this 


1.Install xinetd 
sudo apt-get install xinetd 


2.Go into CUPS printer admin and find your printers name you created before 
https://192.168.0.2:631/printers 





<J CG | A Niezabezpieczona | 192.168.0.2:631/printers/ 0 A Oo : 
Printers 
Search in Printers: | || Search || Clear | 





Showing 1 of 1 printer. 


Queue Name Description Location Make and Model Status 
hp-LaserJet-1010 Hewlett-Packard hp LaserJet 1010 RaspAP HP LaserJet 1010, hpcups 3.18.12 Idle 





3.Edit the services file and add the jetdirect port 9100 (may already be added, if not add at the bottom) 


sudo nano /etc/services 





4.To start listening on port 9100 edit the following file 
sudo nano /etc/xinetd.d/jetdirect 








5.Save your file 


6.Restart the xinetd and cups service 
sudo service xinetd restart 
sudo service cups restart 


You can now print to your printer on port 9100 as a network printer. Below in the workstation printer 
setup you can see how to print to the printer on windows and in Linux workstation we use CUPS and 


AppSocket/HP JetDirect 


Finished 


CONNECTING TO PRINTERS itn WINDOWS & LINUX 


Resource Guides: 
https://en.opensuse.org/SDB:Printing via TCP/IP network 


Notes: 
In Windows 10 you need to Enable Windows Discovery — Follow the Guide below 
https://www.thewindowsclub.com/enable-disable-network-discovery-windows 





3. Click Printers and Scanners 





=] Bluetooth & other devices 
Printers & scanners 

0 Mouse 

Typing 

df Pen & Windows Ink 

@) AutoPlay 


fl USB 


4. Click Add a Printer or Scanner 


€ Settings _ oO x 


ee 


Devices 


=] Bluetooth & other devices 
vas] Printers & scanners 

© Mouse 

Typing 

di Pen & Windows Ink 

©) AutoPlay 


Fl USB 


5. The Printer will automatically be found 


Printers & scanners 


Add printers & scanners 


Refresh 


O 


Searching for printers and scanners 


Tat Hewlett-Packard hp LaserJet 1010 @ RaspAP 
Printer 


The printer that | want isn't listed 


6. Click on the printer and click on Add Device 


vel Hewlett-Packard hp LaserJet 1010 @ RaspAP 


Printer 


Add device 


7. The Printer will now be installed and drivers automatically loaded, when finished loading do a 
test print 


We can also install printers from the Samba Share in windows 


1. Open File explorer and enter your CUPS server IP address in the address bar 
\\192.168.0.2 





= | 192.168.0.2 
Home Share View 7?) 
~ 4s GB» Network > 192.168.0.2 ¥ & Search 192.168.0.2 
|. Wallet A 
- S&S hp-Leseriet-1010 


@ OneDrive 


This PC 
“Bh 3D Objects 
fl Desktop 
|=| Documents 
4 Downloads 
d Music 
=) Pictures 


[& Videos 
Local Disk (C:) 


2. Simply Double Click on the printer to install it (You may be prompted for a driver) 


1. Wait for it to stop scanning and select The printer | want isn’t listed 


Printers & scanners 


Add printers & scanners 


Refresh 
© 


The printer that | want isn't listed 


2. Select Add Printer TCPIP Address 


@® Add Printer 


Find a printer by other options 


O My printer is a little older. Help me find it. 


t O Select a shared printer by name 


Example: \\computername\printername or 
http://computername/printers/printername/.printer 


@ Add a printer using a TCP/IP address or hostname 
O Add a Bluetooth, wireless or network discoverable printer 


O Add a local printer or network printer with manual settings 


Next Cancel 


3. Enter your CUPS Printer IP Address and click Next (e.g. 192.168.0.2) 





© @® Add Printer 
Type a printer hostname or IP address 
Device type: Autodetect 3 
Hostname or IP address: 192,168.0.2| 
Port name: 192.168.0.2_1 











Query the printer and automatically select the driver to use 


Next Cancel 


4. Windows will Detect settings (May be slow) 
When done select defaults and click NEXT 


©  @ Add Printer 


Additional port information required 


The device is not found on the network. Be sure that: 


1, The device is turned on. 

2, The network is connected. 

3. The device is properly configured. 

4. The address on the previous page is correct. 


If you think the address is not correct, click Back to return to the previous page. Then correct the 
address and perform another search on the network. If you are sure the address is correct, select the 
device type below. 


Device Type 
@Standard [REE DNR lee a EY 
© Custom Settings... 


Next Cancel 


5. Windows will next ask for a Driver to be installed 
Select your printers driver and click next next next to Finish 


@m Add Printer 


You've successfully added hp LaserJet 1010 HB 


To check if your printer is working properly, or to see troubleshooting information for the printer, print a 
test page. 


Print a test page 


Finish Cancel 


Resource Guides: 
http://www.chschneider.eu/linux/server/cups.shtm| 


Notes 

echo "Hi Network Printer!" | nc 127.0.0.1 9100 
echo "Hi POS printer!" > /dev/usb/Ip0 

cat message.txt > /dev/usb/lp0 


1. On the Linux Workstation open your Web browser with the link below (Cups must be installed 


http://localhost:631 
2. Click on “Add Printer” 
3. Click on “Add Windows SAMBA Printer” 


4. Select Manufacture and Drivers 


5. Enter the SAMBA Printer share option and enter with your server IP and Print Share 
smb://192.168.0.2/hp-LaserJet-1010 


6. Doa test print 


Finished 


CUPS PRINTERS MAINTANANCE 


Resource Guides: 





Notes: 
This cleans out any old printer jobs twice a day 


1. Create the following files 
sudo nano /home/pi/CupsMaint.sh 


2. Enter the following in the file 





3. Make the file executable 
sudo chmod +x /home/pi/CupsMaint.sh 


4. Enter the following at the bottom of the crontab to schedule the job twice a day 
sudo crontab -u pi -e 





5. When done save and exit 


6. Restart the CronTab service 
sudo service cron restart 


ES EEE 
SETTING UP AIRPRINT 


Resource Guides: 
https://pimylifeup.com/raspberry-pi-airprint 


Notes: 
This is for Apple Devices to print 


1. Let's install AirPrint (This may already be installed) 


sudo apt install avahi-daemon 


2. When done Reboot the system 
sudo reboot 


Finished 


EE ea EES 
SETTING UP ANDOIRD SMARTPHONES TO PRINT 


Resource Guides: 


PrinterShare Mobile Print (Tested and working) 


https://play.google.com/store/apps/details ?id=com.dynamixsoftware.printershare 





NokoPrint - WiFi, Bluetooth, USB printing 
https://play.google.com/store/apps/details ?id=com.nokoprint 





Notes: 
Apps are in the Google Play Store 


Install the app and search for the printer and print. You may be asked to install a generic driver. OK 
If problems search the samba work group and select the printer in there 


Finished 


"I 
@ 


SAMBA FILE SHARING SERVER 


& 


Resource Guides: 
https://lefkowitz.me/setu 
https://magpi.raspberrypi.org/articles/samba-file-server 
https://en.opensuse.org/SDB:Printing via SMB %28Samba%29 Share or Windows Share 
https://www.looklinux.com/how-to-mount-samba-share-smbfs-in-linux 


our-raspberry-pi 


a-network-share-via-samba-on 








Notes: 

#mount -t (will show you what vfat is mounted) 
umount <Partition> will unmount the drive or partition 
lpinfo -v 


1. Let’s make a folder what will be the root of the file share (Remember Linux is case sensitive) 


sudo mkdir -m 1777 /share 


2. Next we edit the smb.conf 
sudo nano /etc/samba/smb.conf 


3. Paste this next section at the bottom of the smb.conf file 





4. When done save and exit 


5. Now restart the samba services 
sudo systemctl restart smbd 


6. Now test and open the share in File Explorer in Windows 
Enter in the address bar your servers IP Address like below 
\\192.168.0.2 


> | 192.168.0.2 


| 
Home Share View 
_ 


~ 4 GB > Network > 192.168.0.2 v & Search 192.168,0.2 


(Desktop 
=| Documents 


4 Downloads 


d Music L share 
©) Pictures 


B Videos 

Se Local Disk (C:) 
wa 300GB (D:) 

wa J_CCSA_X86F (F: 
sm share (\\192.168, 


<S +? Laserlet_1010 S&S ip-Laseriet-1010 


we J_CCSA_X86F (F:) 
ai boot 

|. Donald 

fa Drivers 

efi 

| old 

i Software 
sources 

|_| support 


co Network 


3 items 


7. You now will see the folder share and the printers 
Right Click on the folder called "share" 
Select from the menu "Map Network Drive" 
Select the drive letter (Z) or other and click on FINISH 


"3 Map Network Drive 


What network folder would you like to map? 


Specify the drive letter for the connection and the folder that you want to connect to: 


Drive: Zz: Vv 
Folder: 192.168.0.2\share 
Example: \\server\share 
Reconnect at sign-in 


[_] Connect using different credentials 


Connect to a Web site that you can use to store your documents and pictures, 





Li 


[ Finish | Cancel 


8. You now will have a drive called Z: what is a network share between all users 
Test the folder by creating a file inside, if any problems check your config file. 


= | Y) |) = | share (\\192.168.0.2) (Z:) 


File Home Share View 
4 = > This... > share (\\192.168.0.2) ... vy & Search share (\\1 
& Downloads # % Name Date modified 
Ee Documents. # _] TEST DOCUMENTS 2/25/2021 1:08 PM 
©) Pictures 
ia Donald 


| Iso 


| School Work 
_ zadania 


@ OneDrive 


Text Document 


0KB 


1. Create a share on the Linux workstation 
sudo mkdir /Share 


2. Mount the share to the network share 
mount -t cifs -o username=pi,workgroup=workgroup,password=raspberry //192.168.0.2/share /Share/ 


3. Edit the fstab so the mount is connected each time the workstation is rebooted 
sudo nano /etc/fstab 





4. When done Save and continue 
5. Create a symbolic link (shortcut) to the user’s desktop 
In -s /Share /home/pi/desktop/Share 


6. Now the user will have the Network Share on his desktop 


Finished 


Resource Guides: 
Notes: This will allow us to monitor the space on the share 


1. Create the following files (Change the VAR3 to start alerting) 


sudo nano /home/pi/spacewarn.sh 








2. When done Save and continue 


3. Make the file executable 
sudo chmod +x /home/pi/spacewarn.sh 


4. Enter the crontab to enter the scheduled job 
We create a check every hour 
sudo crontab -u pi -e 





5. When done Save and continue 
7. Restart the CronTab service 


sudo service cron restart 


Finished 


Sac aa rans ea an noc ec caccae orascac erase 
CONNECTING TO YOUR FILE SERVER (ANDROID) 


Resource Guides: 


Notes: 
To see your files from your smart phone 
Visit the google play store 


https://play.google.com/store/apps/details ?id=com.cxinventor.file.explorer&hl=en&gl=US 








Click on NETWORK 

Click on the big PLUS + 

Click on REMOTE 

Click on LOCAL NETWORK 

Click on your server name (RASPAP) 
Select ANONYMOUS 

Click on OK 

You now should have access to the SHARE 


ON DN RWNPE 


Finished 


EE ea ES 
BACKUP ONLINE SAMIBA FILE SHARE - GOOGLE 


7 
UL 


Resource Guides: 

https://rclone.org/install 
https://medium.com/@artur.klauser/mounting-google-drive-on-raspberry-pi-f5002c7095c2 
https://medium.com/@shubhankarranade30/raspberry-pi-as-nas-with-automated-backup-to-cloud- 








95be588ed3e5 


Notes: 

We backup the shared drive so we don’t lose our work in a disaster 
http://127.0.0.1:53682/Auth 

sudo nano SHOME/.config/rclone/rclone.conf 

sudo nano root/.config/rclone/rclone.conf 

sudo rclone config 


1.Install RCLONE 
sudo apt-get install rclone 


2.Get a Google Drive Client ID 
httos://console.developers.google.com 


3.Login and Click on CREATE PROJECT 


4 Your free trial is waiting: activate now to get $300 credit to explore Google Cloud products. Learn more DISMISS ACTIVATE 


= Google Cloud Platform Selecta project w 





API APls & Services Dashboard Qa. 


> = Dashboard 
@ = Toview this page, select a project. CREATE PROJECT 
a Library 
© Credentials 
iy OAuth consent screen gt 


Domain verification 


% Page usage agreements 


4.Give your project a name and click create. 
New Project 


You have 12 projects remaining in your quota. Request an increase or 
delete projects. Learn more 


MANAGE QUOTAS 


Project name * 
| MYPICLONE (2) | 
Project ID: mypiclone. It cannot be changed later. EDIT 


Location * 
FB) No organization BROWSE 


Parent organization or folder 


CREATE CANCEL 


6. Click on ENABLE APIS AND SERVICES 





Google Cloud Platform $e MYPICLONE w 






APls & Services 





APIs & Services 


3+ Dashboard 


7 Library 
Or Credentials Traffic x 
1.0/s 
iy OAuth consent screen 
0.8/s 
Domain verification 
0.6/s 
=o Page usage agreements A No data is available for the selected time frame 
04/s 
0.2/s 
0 
Feb 21 Feb 28 Mar 07 Mar 14 





7. Search and Click on GOOGLE DRIVE API 


= Google Cloud Platform $e MYPICLONE w 


< API Library 


vevyre vivwan rwyry 





Google Workspace (18) 
Healthcare (4) 
Machine learning (8) 
Maps (17) 

Mobile (12) 





Calendar API 






Google Drive API 


Monitoring (4) Google 




















tetworking (2) The Google Drive API allows clients d with Google Calenda 
Security (6) to access resources from Google ¢ Calendar API. 
Social (4) Drive 
Storage (5) 
YouTube (3) 
Other (82) 

ud ae | 

YouTube Data API v3 YouTube Analytics API 


Gannile Gannile 


8. Click on ENABLE 


Google Cloud Platform $ MYPICLONE w 





Google Drive API 


Google 





Bwive API allows clients to access resources from G 


AN 










TR IS API 


OVERVIEW DOCUMENTATION 


9. Click on CREATE CREDENTIALS 


€Fefoye| [= Cloud Platform $« MYPICLONE w~ Q Search products and resources 





& APIs & Services O ; @ DISABLE API 
Google Drive API wiatial 


Hy Overview 
Ci} To use this API, you may need credentials. Click 'Create credentials’ to get started. 





~~ Metrics 
l=} Quotas a> ; 
== Details 4 Traffic by response code 
Or Credentials N 
Sime Request/sec (2 hr average) 

Google Drive API 
Drive UI Integration 

By 1.0/5 

lick li 
10. Click on Client ID 


Google Cloud Platform $ MYPICLONE w Q Search products and resources 





API APls & Services Credentials 


<> Dashboard Add credentials to your project 


it Library 1 Find out what kind of credentials you need 


We'll help you set up the correct credentials 


Or Credentials If you wish you can skip this step and create an API ervice account 





Which API are you using? 


4 OAuth consent screen Different APIs use different auth platforms and some credentials can be restricted 


to only call certain APIs. 
Domain verification Google Drive API = 


~ Rage usage agreements Where will you be calling the API from? 


Credentials can be restricted using details of the context from which they're called. 
Some credentials are unsafe to use in certain contexts. 


thar nani ll fa a eran inh daaman)\ = 


11. Click on CONFIGURE CONTENT SCREEN 


Google Cloud Platform  $* MYPICLONE ~ Q Search products and resources 





API APls & Services < Create OAuth client ID 





*3* Dashboard Aclient ID is used to identify a single app to Google's OAuth servers. If your app runs on 


multiple platforms, each will need its own client ID. See Setting up OAuth 2.0 for more 


fd : 
tu —_— Library information. 


S\ 


CONFIGURE CONSENT SCREEN 


oO Credentials 
A To create an OAuth client ID, you must first set a product name on the consent screen 





iy OAuth consent screen 





Domain verification 


= Page usage agreements 


12. Enter your APP NAME and Email 


Google Cloud Platform $« MYPICLONE w Q Search products and resources 





API APIs & Services Edit app registration 


> Dashboard 


2 die App information 


© Credentials This shows in the consent screen, and helps end users know who you are 
and contact you 


iy OAuth consent screen 
App name * 


Domain verification my-rclone 


The name of the app asking for consent 
=e Page usage agreements 

User support email * 

pi.server.message@gmail.com 


For users to contact you with questions about their consent 


App logo BROWSE 


Upload an image, not larger than 1MB on the consent screen that will help users recognize 
your app. Allowed image formats are JPG, PNG, and BMP. Logos should be square and 
120px by 120px for the best results. 


13. Click on ADD OR REMOVE SCOPE 





Google Cloud Platform $« MYPICLONE w Q Search products and resources 
API APls & Services Edit app registration 
‘Dashboard @ OAuth consent screen — @ Scopes — @ Testusers — @} Summary 
ni Library 


Scopes express the permissions you request users to authorize for your 
app and allow yourprofect to access specific types of private user data 
ro earn more 


Or Credentials 








iy OAuth consent screen 


Domain verification 


=o Page usage agreements 


Your non-sensitive scopes 


14. Select GOOGLE DRIVE API (SEE, EDIT, CREATE and DELETE GOOGLE DRIVE FILES) AUTH DRIVE 


CL Google ..fauth/docs See, edit, create, and delete all of your Google Drive files 
Drive API 

Google .fauth/drive See, edit, create, and delete all of your Google Drive files 
Drive API 

CL Google auth drive apodata See, create, and delete its own contiguration data in your 
Drive API Google Drive 


15. Click SAVE AND CONTINUE 





Google Cloud Platform $« MYPICLONE w Search products and resources 
API APIs & Services Edit app registration 
“Dashboard Your non-sensitive scopes 
tit Library 
API 4 Scope User-facing description 
Oo» Credentials No rows to display 


iy OAuth consent screen 


Domain verification a 
A Your sensitive scopes 


=o Page usage agreements Sensitive scopes are scopes that request access to private user data. 
API 4 Scope User-facing description 
Google - See, edit, create, and delete all of u 
Drive API ./auth/docs your Google Drive files 


@ Your restricted scopes 


Restricted scopes are scopes that request access to highly sensitive user data. 


API 4 Scope User-facing description 


No rows to display 


(\ SAVEAND CONTINUE “\CANCEL 
“ 





16. Click on CREDENTIAL and click on CREATE CREDENTIALS and select OAuth client ID 














Google Cloud Platform %¢ MYPICLONE w Q Search products and resources 
API APIs & Services Credentials + CREATE CREDENTIALS @ DELETE 
‘3° | Dashboard Create credentials to aci 
TH Library 
API Keys 
oO Credentials ‘ Rien ot 
i Name N——SerriceStcon SS R 
ty OAuth Consent screen NoAPl kevein dibpid Enables server-to-server, app-level authentication using robot accounts 
Domain verification Help me choose 


OAuth 2.0 Clie Asks a few questions to help you decide which type of credential to use 
=o Page usage agreements 








[] Name Creation date J 


No OAuth clients to display 


Service Accounts 


Oo Email Name 4S 


No service accounts to display 


17. Select DESKTOP APP under Application Type and under NAME enter a name and click CREATE 








= Google Cloud Platform $« MYPICLONE wv Q_ Search products and resources 
API APIs & Services < Create OAuth client ID 

*3* Dashboard A client ID is used to identify a single app to Google's OAuth servers. If your app runs on 
i multiple platforms, each will need its own client ID. See Setting up OAuth 2.0 for more 
= Library information. 

Or Credentials Application type * 

Desktop app v 

iY OAuth consent screen Learn more about OAuth client types 


Name * 
my rclone client 


Domain verification 


=o Page usage agreements The name of your OAuth 2.0 client. This name is only used to identify the client in the 
console and will not be shown to end users 


18. You now will be presented with your Client ID and Secret. 


OAuth client created 


The client ID and secret can always be accessed from Credentials in APIs & 





Services 
OAuth is limited to 100 sensitive scope logins until the OAuth 
consent screen is verified. This may require a verification process 
that can take several days. 
Your Client ID 





Your Client Secret 





OK 


19. Create a test user, Enter your email for this Gmail account. 


Google Cloud Platform & MYPICLONE + Q Search products and resources 





APT APIs & Services OAuth consent screen 


«+ Dashboard 


Test users 
Library 


EE 


While publishing status is set to "Testing", only test users are able to access 
the app. Allowed user cap prior to app verification ts 100, and is counted 


GO Credentials Soret 
over the entire lifetime of the app. Learn more 


iy OAuth consent screen 
+ ADD USERS 


a Domain verification 


=o Pagé usage agreements 
luser(1test,dother)/100usercap @ 


20. Run RCLONE config and enter as follows when prompted at each section 
sudo rclone config 








Open the browser link you were given like above in your web browser. You may be asked login and to 
allow access twice , until you get the code. Record it in a safe place and enter it as below. 


Google 
Sign in 


Please copy this code, switch to your application and paste it there 


Pr O 


oe 
-—— 





21. Open GDrive and create a document in the root and test if its working 
sudo rclone Is --max-depth 1 gdrive: 





WARNING: IF YOU ARE DOING A SYSTEM RESTORE BACKUP AND DOWNLOAD YOUR GDRIVE DATA OR 
IT COULD BE ALL LOST WHEN SYNC 


TESTING (First copy all your data to your share before you sync or copy this is just a test) 


sudo rclone copy /share gdrive: --fast-list --dry-run 


COPY DATA (This isthe real run, it will erase everything on GDrive and replace it wth the USB share) 


sudo rclone copy /share gdrive: --fast-list 


22. Create the following file 
sudo nano /home/pi/gsync.sh 


23. Enter the following info into the file 





24. When done Save and continue 


25. Make the file executable 
sudo chmod +x /home/pi/gsync.sh 


26. Edit the crontab to enter a scheduled job once a day (Google restricts daily connection limits) 


sudo crontab -u pi -e 





27. Restart the CronTab service 
sudo service cron restart 


Finished 


SETUP SERVER HEALTH REPORTS 


Resource Guides: 

https://linuxhint.com/list-usb-devices-linux 
https://www.pragmaticlinux.com/2020/06/check-the-raspberry-pi-cpu-temperature 
https://www.maketecheasier.com/finding-raspberry-pi-system-information 





https://www.hackster.io/elizabethna/pi-health-dashboard-9935cf 


Notes: This is a daily report on the server health 


1. Make and Admin Directory in the Samba Share 
sudo mkdir /share/Admin 


2. Create the following file 
sudo nano /home/pi/systeminfo.sh 


3. Enter the following info into the file (Remove the # for email and change for your email) 





alludultle 





# OUTPUT TO A FILE 

printf 

VT SK OK OK OK 2K OK OK OK 26 OK OK OK OK OK OK OK OK OK OK OK OK OK OK KOK OK KOK OK KOK KOK KK KK OK KK KK KK KK KKK KKK KK KKK KK KKK KKK KKK KKK KK KK KKKKK KKK K 
FILEnSVanini ene ere ee Eee ee nee he Oe ee er ne 
AeA ete ee ee San Degrees 

Ni re a ee er ee en ee errs re eee te me are 
FERRERS E RE CEA E SAE EES MEMORY WSED\n to tte oe te Ret ere reer ee Svar 
Mie en or ner a re eer a ee Oa ee ee 
Tete ete Tea t eee eee Teno USED Mier eet et more Nn Sval Percent 
RiGee ne OG eee ee ee re ee ee et re 
FEEESE SCARS EERE ATSC ERE ONE VWORK SPAS! ee eee ee svars 
i NN a Le 
Mice ro ort teen ee eee eee Re Pee ere eee ee Seen eee eee ee 
REE ee ee ee ovale 


Mite 0 eee oe ere ele ee eer eer re nn ee ee en eee eee ene 


Mico eo ee Oo oe Rene eee ete eee oo ee ree ere eo ee 
USER PI \nSvar7 \n USER ROOT \nSvar7a 
MQ te eee ete hee treet ee eee Cee eR ee eee eet eee eee eee eee ee eee 

2K 2K XK XK OK KK OK OK KK KOK OK OK OK OK OK KK OK KK KK KK KK KK KKK K 
DRIVES\n nSvar8 
Mict oo Cote Ont eee ee ee eee a eee ee or cree 
KKKKKKKKRKKKKKKKKKKKKKK KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK 

\nPARTITIONS\n \nSvar9 

i ls 
Mi eres eee Rete ee Toe eee eee eee ee eee een ten 
De ee eee em eae Cea re ar ar ee ene ee ae ae eee re 
Mico oe te Oe neo eee ee ee oe Cae tee eee eee Saree enn eee ane 
Wet ee ee ere a ear rn ee re ee ee 


Mite re ee eee On eee tem per re ee noe 


CELA LESS eS Ae Pee ee Silabe/ AGndiny oyStemHeaith.txt 


4. When done Save and continue 


5. Make the file executable 
sudo chmod +x /home/pi/systeminfo.sh 


6. Edit the crontab to enter a scheduled job 
We create this check every morning 
sudo crontab -u pi -e 


7. Enter the following at the bottom 





8. When done Save and continue 


9. Restart the CronTab service 
Sudo service cron restart 


Finished 


SETUP OVER HEATING ALERTS 


Resource Guides: 
https://www.raspberrypi.org/documentation/raspbian/applications/vcgencmd.md 
Note use vcgencmd command if using a real pi to get the health status of a pie 
vcgencmd 


Notes: 
Pi Systems can sometimes over heat. Checks every 30 minutes 


1. Create the following file 
sudo nano /home/pi/heatalert.sh 


2. Remove the Hash # to activate email and enter the following 








3. Make the file executable 
sudo chmod +x /home/pi/heatalert.sh 


4. Enter the crontab to enter the scheduled job for checking 
We create a check every 30 minutes 
sudo crontab -u pi -e 


5. Enter the following at the bottom of the file 





6. Save the settings when done 


7. Restart the CronTab service 
sudo service cron restart 


Finished 


SETUP SYSTEM LOW DISC SPACE ALERTS 


Resource Guides: 
https://stackoverflow.com/questions/2 7491881/linux-command-to-lookup-total-disk-and-harddrive- 
numbers 





Notes: 
The USB or HDD can get full and stop everything working (We can make the computer beep) 


1. Create the following file 
sudo nano /home/pi/drivewarn.sh 


2. Enter the following into the file 











3. Save your file when done 


4. Make the file executable 
sudo chmod +x /home/pi/drivewarn.sh 


5. Enter into the crontab the scheduled job 
We create this check every hour 
sudo crontab -u pi -e 





6. Save your file when done 


7. Restart the CronTab service 
sudo service cron restart 


Finished 





SETUP C 


Resource Guides: 
https://pimylifeup.com/raspberry-pi-clamav 


Notes: Since we have a shared unsecured folder we need to scan the system and folders for threats daily 


clamscan -r /home /mount 
clamscan -r --move=/quarantine/ /home 
clamscan -r --remove /home /mount 


1. Create the directory for the log reports 
sudo mkdir -m 1777 /var/log/clamav/ 


2. Create the quarantine directory to move infected files into 
sudo mkdir -m 1777 /quarantine 


3. Install CLAMAV and when prompted select y for yes 
sudo apt install clamav 


4. Create the script file 
sudo nano /home/pi/scanvirus.sh 


5. Enter the following in to the file and remove the hash and change the email to email the scan logs 





a 
— 





6. When done editing, save your file 


7. Make the file executable 
sudo chmod +x /home/pi/scanvirus.sh 


8. Enter into the crontab the scheduled job 
We create this check every hour 
sudo crontab -u pi -e 





9. Save your file when done 


10. Restart the CronTab service 
Sudo service cron restart 


11. Reboot the computer 
sudo reboot 


Finished 


CCTV Monitor ( Raspberry WebCam Monitoring ) 


Resource Guides: 

https://wolfpaulus.com/raspberrypi webcam 
https://www.instructables.com/How-to-Make-Raspberry-Pi-Webcam-Server-and-Stream- 
https://pimylifeup.com/raspberry-pi-webcam-server 
https://linuxhint.com/list-usb-devices-linux 

https://motion-project.github.io/motion build.html 
https://electronnicproject.blogspot.com/2017/07/raspberry-pi-surveillance-camera-with.html 








Notes: sudo service motion restart 
sudo service motion stop 


lsusb 
dmesg | less 
usb-devices 


1. Run the Update 
sudo apt-get update 


2. Install all the dependencies 

sudo apt install autoconf automake build-essential pkgconf libtool git libzip-dev libjpeg-dev gettext 
libmicrohttpd-dev libavformat-dev libavcodec-dev libavutil-dev libswscale-dev libavdevice-dev default- 
libmysalclient-dev libpq-dev libsqlite3-dev libwebp-dev 


3. Download Motion and install 
sudo apt-get install motion 


4. Edit the config file and change as below 
sudo nano /etc/motion/motion.conf 





lil 


6. Save the settings 


7. Change the following 
sudo nano /etc/default/motion 





8. Save settings 


9. Make the following directories 
sudo mkdir -m 1777 /share/motion 


sudo mkdir -m 1777 /share/motion/archive 


10. Start the Service 
sudo service motion restart 


11. Open your web Browser and view 
http://192.168.0.2:8081 


12. Check the folder for recording or Images 
Is -al //share/motion 


13. Let’s create an email alert with endless looping 
sudo touch /home/pi/CCTVStart.sh 


14. Change permissions to be executed 
sudo chmod +x /home/pi/CCTVStart.sh 


15. Edit the file 
sudo nano /home/pi/CCTVStart.sh 








iT 


16. Save the settings 


17. RUN THE MOTION CAMERA AT NIGHT AT HOME for 6 Hours (You decide) 
sudo crontab -u pi -e 





18. Restart the CronTab service 
sudo service cron restart 


Finished 


PORT FORWARDING TO SEE THE CCTV CAMERA 
FROM THE INTERNET (NO ROUTERS NEEDED) 


Resource Guides: 
htto://www.portmap.io 


Notes: This will allow you to see your CCTV regardless of been blocked by your ISP or sitting behind a 
private network on your router. If you have a static internet IP you can port forward from the router 
without the other steps. (Many documents on the internet how to do this) 


systemctl start openvpn # Starts OpenVPN and connects to OVPN 
systemctl stop openvpn # Stops OpenVPN 

systemctl restart openvpn # Restarts OpenVPN 

systemctl status openvpn # Shows status for OpenVPN 


1.Login or register an account for free at http://www.portmap.io 


= C  &@ portmap 10 w fq * @ 


nortan a 


Port forwarding becomes easier 


Make your home PC available from Internet without real IP address 





2.Click on CREATE A NEW RULE 


portma p.i0 REGIONS CONFIGURATIONS MAPPING RULES SUPPORT AP| BETA & DWALF  £) 


Wife eyeyiare atl(cM iam Bl-icelllimc-re (ela) 








Display 


VO Config Tunnel Rule Host header Allowed IPs Actions 





3.Set the new rule with HTTP and the PORT ON PC to 8081 for the CCTV Monitor Webpage. 


9 qbu\N9VnsqO v Jeri noistsiwgitnoD 
9 . quir lod03019 
v oi.qsminog e382-tlswd emisnj20H 
9 eedse oi.qsmisi04 no 3109 
9 r808 29 Woy No F104 
iS) 


19bs9ri 320H 


291 bswollA 


— : 


4.Click on FIRST to reveal the connection data. 


SUBSCRIBE AND GET MORE 





Display |50 v | records Search: 
V/O Config Tunnel Rule Host header Allowed IPs Actions 


0 OB C=) OpenVPN/udp tcp://Dwalf-58699.portmap.io:58699 => 8081 Goa 


Showing 1 to 1 of 1 entries 








5.Click on COPY TO CLIPBOARD 


Name first @ Type OpenVPN @ s~wProto udp @ Comment = DNS Qe 


USING OPENVPN TUNNEL 


1. Install OpenVPN software 
2. Download configuration file 
3. Create a mapping rule 


4. Start OpenVPN tunnel using the file 


C:BF-CBC openvpn --config Dwalf.first.ovpn 






fed 






enBmCRAmKGQDRxUk7pnCbMNKZ/3u 


a A TFEAFATIMO hen TAP IME La 


§, Copy to clipboard 


er 






= Download 


6.Create the file cctvvpn.ovpn and paste the data by right clicking from the clipboard from portmap.io 
sudo nano /home/pi/cctvvpn.ovpn 


GNU nano 3.2 /home/pi/cctvvpn.ovpn Modified 





Sone 


7.Save the file 


8.Install the openvpn software (reboot after the install if needed and enter y if prompted during install) 


sudo apt-get install openvpn 


9.Setup the openvpn start service to connect to the VPN by creating a script file 
sudo nano /home/pi/remotecctvstart.sh 





10.Save your settings 


11.Change permissions to be executed 
sudo chmod +x /home/pi/remotecctvstart.sh 


12.Setup the openvpn disconnect service to end the VPN by creating a script file 
sudo nano /home/pi/remotecctvend.sh 





12.Save your settings 


13.Change permissions to be executed 
sudo chmod +x /home/pi/remotecctvend.sh 


14.Setup the crontab to run the service when the REMOTE CCTV VPN is to be switch on 
sudo crontab -u pi -e 


15.Enter the following 





16.Save the settings 
17. Restart the CronTab service 


sudo service cron restart 


18.Go back to portmap.io and get the rule address (Write it down) 


SUBSCRIBE AND GET MORE 


Display | 50 v records Search: 


1/0 Config Tunnel Rule Host header Allowed IPs Actions 







eg ES) 


& OB first OpenVPN/udp 






Showing 1 to 1 of 1 entries 





19.Lets edit the email from the CCTV Motion Setup to reflect the outside URL address 
Get ready with the URL and port portmap.io give you. 
Example: http://Dwalf-58669.portmap.io:58699 

sudo nano /home/pi/CCTVStart.sh 


test -f /share/motion/capture.jpg 


dl Ol ol Les aun va ol —mar- heaet- Led ells 


5leep 10 





20.When finished editing save 


21. Test your external link from a mobile phone internet. Open your link from portmap.io 
sudo systemctl start openvpn 

sudo service motion start 

/home/pi/remotecctvstart.sh 


Example Link: http://Dwalf-58699. portmap.io:58699 


A Not secure | dwalf-58699.portmap.io:58699 





22. When finished testing, stop the service if need be. 
sudo service motion stop 


/home/pi/remotecctvend.sh 


23.Make sure your motion config file is setup to authenticate with a username and password. You 
should be prompted for one if you followed this guide. pi/raspberry 


Finished 


WARNING: 


EFORE YOU CONTINUE 
SELECT ONLY ONE OF THE FOLLOWING SETUPS 





SETUP WIFI ON AND OFF 


OPTION 2: 

PI-HOLE 

SETUP Pl WEBSERVER FOR EASY ACCESS 
UNBOUND 





RaspAP - Raspberry W 


Resources Guides: 
https://raspap.com 





Notes: This is OPTIONAL, YOU CAN USE YOUR ROUTER WIFI, ALSO THERE IS SOME BUGGY BITS WITH 
THE STATIC IP ON THE LAN — HENCE THE NEED FOR A DHCP RESERVATION ON YOUR ROUTER, | NOTICED 
SOME WIFI USB IS NOT AS GOOD IN STREANTH AS A DEFAULT ROUTER WIFI AP. | AM USING A USB WIFI 
(Ralink Technology, Corp. RT5370) | have also tested with other cheap WIFI USB did not work at all) 


1. First update 
sudo apt-get update 


2. After the update reboot 
sudo reboot 


=} IMPORTANT: We need to set the localization of the WIFI else the setup will fail. 


sudo raspi-config 


4. Select 5 Localization Options Menu 


ee pi@RaspAP: ~ 


Raspberry Pi Software Configuration Tool ({raspi-config) 


System Options 
Display Options 
Interface Options 
Advanced Options 
Update 

About raspi-config 


<Select> 


i ie a BA ae me ee 
Gq tt I 


Ln 2 1. i be BREE oe 





Configure system settings 

Configure display settings 

Configure connections to peripherals 
-onfigure language and regional settings 
Configure advanced settings 

Update this tool to the latest version 
Information about this configuration tool 


<Finish> 


5. Select L4 WLAN Country Set Legal wireless channels for your country 





pi@RaspAP: ~ = O x 


Raspberry Pi Software Configuration Tool (raspi-config) 


Locale Configure language and regional settings 
Timezone Configure time zone 
Keyboard Set keyboard layout to match your keyboard 


3 WLAN 


<Select> <Back> 








6. Select your country (example GB) 


gp pi@RaspAP: ~ — O x 


Select the country in which the Pi is to be used 


FO Faroe Islands 
FR France 


Grenada 
Georgia 
French Guiana 
Guernsey 
Ghana 
Gibraltar 


— PUTRTERUTR TERETE MT 


<Cancel> 





7. Select OK 


gf pi@RaspAP: ~ a O x 


Wireless LAN country set to PL 





8. Tab select FINISH 





9. You will be asked to reboot. 
Tab Select YES 


mp pi@RaspAP: ~ _ O x 


Would you like to reboot now? 





10. The system will reboot. 


11. Next we run the script for RaspAP (Raspberry Access Point) Installer 
While the quick installer runs select Y (yes) for all options 


curl -sL https://install.raspap.com | bash 


12. When Finished Installing Reboot the system, select Y¥ to reboot. 


me pi@RaspAP: ~ ~ LJ x 


) upgraded, O new 





p/openvpn/configauth.sh Erom root:rect to reoet: 


pap/ openvpn/ openvpniog.sn rom root: root to Foot: 


13. You should now have the following setting defaulted settings 





14.If you already have a PI-HOLE setup on another computer then DHCP DNS to point to your Pi-HOLE 


Example: 192.168.0.6 or leave BLANK 


€ GC A Notsecure | 192.168.0.2:8082/dhcpd_conf 


Enable this option if you want RaspAP to assign IP addresses to clients on the selected interface. A static 


IP address is required for this option. 
Starting IP Address 


10.3.141.50 


Ending IP Address 


10.3.141.25 


Lease Time Interval 


12 Hour(s) v 


DNS Server 1 


DNS Server 2 


Metric 





Information provided by Dnsmasq 








15.OPTIONAL: If you have issues edit and repair 


sudo nano /etc/dhcpcd.conf 


Where static domain name server is you can use 8.8.8.8 8.8.8.4.4 if not using PI-HOLE 





16. We need to modify the UFW firewall to serve RaspAP DHCP clients so edit the following 
sudo nano /etc/default/ufw 


17.Change the following to ACCEPT 





18.To change the Wireless SSID select HOTSPOT, change the SSID and SAVE SETTINGS 


Status 
\ ®@ Hotspot active (0) Hotspot 
© @ Memory Use: 12% 


©) CPU Temp: 64.1°C 
Basic Security Advanced Logging 


© Hotspot . . 
i Basic settings 


Interface 





Wireless Mode 


302.11g - 2.4 GHz 


Channel 


Information provided by hostapd 


19.Next Click on SECURITY and change the password then SAVE SETTINGS and RESTART HOTSPOT 


RaspAP 


Status 
\ @ Hotspot active (0) Hotspot 
© @ Memory Use: 12% 


“CPU Temp: 64.1°C 


Dashboard Basic Security Advanced Logging 
© Hotspot , ; 
‘ Security settings 
DHCP Server Security type 
Ad Blocking WPA2 v 
Networking Encryption Type 


WiFi client CCMP vr 






OpenVPN 






PSK 





Authentication YourPASSWORDHerd 





Change Theme 
Data usage 
System 


About RaspAP 


Finished 


SETUP WIFI ON AND OFF (LESS EMF RADIATION) 


Resources Guides: 
https://www.raspberrypi.org/documentation/linux/usage/cron.md 
https://discussions.flightaware.com/t/how-to-setup-nightly-reboots-for-your-raspberry-pi/15821 





https://raspberrytips.com/disable-wifi-raspberry-pi 


Notes: 

Less radiation and keeping hackers away at night 
To see the date and time type the command 

date 

To see the crontab jobs type the command 

sudo crontab -| 


1.Create the following file 
sudo nano /home/pi/wifiup.sh 


2.Enter the following 





3.Save the settings 


4.Make the file executable 
sudo chmod +x /home/pi/wifiup.sh 


5.Create the following file 
sudo nano /home/pi/wifidown.sh 


6.Enter the following 





7.Save the settings 


8.Make the file executable 
sudo chmod +x /home/pi/wifidown.sh 


9.Enter the crontab to enter the scheduled job 
Off at 1am and back on at 6am 


sudo crontab -u pi -e 





10.Save the settings 


11. Restart the CronTab service 
sudo service cron restart 


12.Test to see if the WIFI is up or down enter 
sudo ifconfig 


Finished 


INSTALLING PI-HOLE (DNS BLACKHOLE) 


Resources Guides: 

https://docs.pi-hole.net/main/basic-install 
https://www.smarthomebeginner.com/pi-hole-setup-guide 
https://www.smarthomebeginner.com/pi-hole-setup-guide 
https://github.com/mmotti/pihole-regex/blob/master/regex.list 
https://lunarwatcher.github.io/posts/2020/05/17/what-i-learned-after-using-pihole-for-a-week.html 
https://planeteggroll.home.blog/2019/01/27/pi-hole-installation-and-tweaks 
https://discourse.pi-hole.net/t/why-should-pi-hole-be-my-only-dns-server/3376 








Notes: PI-HOLE stops computers from accessing certain websites, kills unwanted traffic, adverts, bad 
websites and makes your internet faster. 
In some cases your internet router or ISP may not support IPv6 
If you have only a IPv4 Router select only IPv4 (Most Compatible) 
If you have errors restart the install and def change to IPv4 or change DNS Servers Options 
If you Continue to have error run update and upgrade and restart the install 

pi-hole uninstall 

pi-hole restartdns 

pi-hole -r (Re-Configure) 

pi-hole status 

pihole -| off 

pihole disable 10m (minutes) or pihole disable 

cat pihole.log 





1. Start the Pi-Hole Installation (When prompted say y for yes for all defaults) 
sudo curl -sSL https://install.pi-hole.net | bash 


2.Click OK 








3.Click OK 





4.Click OK 





5.Select ETHO for wired network Card and Click OK (If you have WIFI select the other) 





6.Leave GOOGLE as default DNS and click OK 





7.Leave the LISTS settings as default and click OK 





8.Right so this is where it gets tricky, if your router and ISP support IPV6 then select both options else 
only select IPV4 only. You can try both and if you get errors start the install again. Click OK 





9.Leave as default and click OK 





10.Click OK 





11.Click OK 





12. Click OK 





13.Click OK 





14.Click OK 


Select a privacy mode for FTL. 
https://docs.pi-hole.net/ftldns/privacylevels/ 


<Cancel> 





15.The System will now install 


ehh Fh Fh Fh Fh Fhe Fh eg 


eh Rh 


Fh Fh Fh 


ehoeh Rh Fh Fh Fh Fh Fh 








Installation Complete! 


Configure your devices to use the Pi-hole as their DNS server 
using: 


IPv4: 192.168.0.2 
IPv6: Not Configured 


If you set a new IP address, you should restart the Pi. 


The install log is in /etc/pihole. 


View the web interface at http://pi.hole/admin or 
http://192.168.0.2/admin 


Your Admin Webpage login password is ZC8jHrmc 








5. Change the password to nothing (Just enter with blank) 
pihole -a -p 


6. Change Long Term DATA Storage to 1 day kept. (Add the following line to the end of the file) 
sudo nano /etc/pihole/pihole-FTL.conf 





7. Reboot the system 
sudo reboot 


8. RUN THE RECOMENDED UPDATE AGAIN 
sudo apt-get update 


9. Reboot the system 
sudo reboot 


10.To Access the Pi-Hole Open your Internet Browser and open one of the below. 


Pi-hole eieliss raspberrypi Pi-hole 


Status | 
; Total queries (12 clients) Queries Blocked Percent Blocked Domains on Blocklist 
Active |) Temp: 41.2 °C 
Load: 0.59 0.35 0.37 
areca 1,252 35.8% 293,037 
3 b i: b 


@ Dashboard 





Total queries over last 24 hours 


Bi Query Log 


600 
Long-term data 500 
© Long-term da ee 
300 
@ Whitelist a i I Nh lily | nh il | | | | 
ito Ir ill Irs. otal ll ltl 
oll Hitt l HL ht. al... | Pee ee an iL wll | 
© Blacklist 18:00 19:00 20:00 21:00 22:00 23:00 00:00 01:00 02:00 03:00 04:00 05:00 06:00 07:00 08:00 09:00 10:00 11:00 12:00 13:00 14:00 15:00 16:00 


#£@ Group Management 
Client activity over last 24 hours 
@ Disable 





700 
600 
Be Tools 500 
400 
300 
02 Settings 200 | | lil 
mT fst, LL. HDL 
oll | i Ao Pam me | me ||| Pa || ili 
B Local DNS 18:00 19:00 20:00 21:00 22:00 23:00 00:00 01:00 02:00 03:00 04:00 05:00 06:00 07:00 08:00 09:00 10:00 11:00 12:00 13:00 14:00 15:00 16:00 
P Donate 
Query Types Queries answered by 


@ Documentation 


Gl A (|Pv4) GS blocklist 
HB AAAA (iPve) WM cache 
i ANY HB localhost#5335 





11. Click on GROUP MANAGEMENT and CLICK ON ADLIST 


tae Group Management 





Adlist group management 


Add a new adlist 


1. Please run pihole -g or update your gravity list online after modifying your adlists. 
2. Multiple adlists can be added by separating each unique URL with a space 


List of configured adlists 


Show 10 ~ entries Search: 


Address Status Comment it assignment Action 





13.Below is a list of websites where most people get their adlists, these lists vary from adverts, 
telemetry and bad sites for blocking. (No warranty given, use at own risk) 





14. Update the Adlists when finished loading lists (This makes the lists work) 
pihole -g 

or 

http://192.168.0.6/admin/gravity.ph 


14. Create a CRONTAB to update the Adlist once a week and Reboot once a week 
sudo crontab -u pi -e 





15. Restart the CronTab service 
sudo service cron restart 


SETTING DHCP AND DNS TO USE PI-HOLE 


Resources Guides: 


Notes: Once you setup PI-HOLE you may want to opt to use PI-HOLE DHCP or JUST DNS 


1.To enable DHCP on PI-Hole click on settings and DHCP and enable it 

WARNING: Only one DHCP can be running on your network. The reason most people use Pi-Hole DHCP 
is to have more control on their network and to see all the connections on it. If you are running RaspAP 
on another server the connection will only see one network. 





Pi-hole esanud raspberry | 








Status 





Active & Temp: 40.1°C System Adlists DNS DHCP API / Web interface Privacy Teleporter 


ct 
Load: 0.09 0.14 0.18 
Memory usage: 15.5% 


DHCP Settings Advanced DHCP settings 
ma 
— Ww . . 
NEESTICP server enabled LD Pi-hole domain name 





— Domain lan 
Make sure your router's DHCP server is disabled when using the Pi-hole DHCP 
server! DHCP lease time 
Range of IP addresses to hand out Leasetimeinhours 24 


From  192.168.0.201 To — 192.168.0.251 ; _—- 
Hint: 0 = infinite, 24 = one day, 168 = one week, 744 = one month, 8760 = one 


Router (gateway) IP address a 


Router 192.168.0.1 Enable DHCPv4 rapid commit (fast address assignment) 


Enable IPv6 support (SLAAC + RA) 


DHCP leases 
Currently active DHCP leases 


MAC address IP address Hostname +E 


2.10 disable DHCP on your router, login and find the setting to disable the DHCP. If possible also point 
the DNS to your PI-HOLE as you see below. 

















DHCP Server Settings 
Enable DHCP Server js 
Start IP Address 192.168.0.10 ? 
End IP Address 192.168.0.254 ? 
Lease Time | 3600 ? 
Domain Name ? 
DNS Override 
Enable DNS Override ? 
Primary DNS Server IP | 192.168.0.6 | ? 
Secondary DNS Server IP | 0.0.0.0 | ? 
Tertiary DNS Server IP | 0.0.0.0 | ? 





3.InN some cases some people disable IPV6 on their router, but only if they have issues or want to force 
al users on IPV4. 


LAN Settings (IPV6) 

















LAN SETTINGS You can make changes to the Local Area Network (LAN) here. For changes to take effect, you must press the ‘Apply’ button at the 
LAN SETTINGS (IPV6) bottom of the screen. 
CLIENT LIST 
_PORTS - LAN Settings (IPV6) 
IP Address V6 = | 2 
Prefix Length (IPV6) 2 
Link Local Address (IPV6) 2 
DHCP Server Settings (IPV6) 
Enable DHCP Server (IPV6) L) @ 


Start IP Address (IPV6) | =! & 
End IP Address (IPV6) [= 2 








Lease Time (IPV6) 3600 & 
DNS Override 
Enable DNS Override OD @ 


Secondary DNS Server IP | es 2 
Tertiary DNS Server IP | = 2 


DNS Relay 


Enable DNS Relay O @ 





Finished 


SETUP PI WE 


loo 
WN 
fri 


RVER FOR EASY ACCESS 


\ 
\ 
= ~ 


Resources Guides: 


Notes: We setup the pi server webs page to reflect all our changes for ease of use 


A Notsecure | 192.168.0.6 


Pi-hole: Your black hole for Internet advertisements 


Remore Administration via SSH use u=pi and p=raspberry 
ssh pi@192.168.0.6 Port 22 = Pi-Hole/Unbound DNS/RaspiCast 
ssh pi@192.168.0.2 Port 22 = RaspAP Wifi Access/CUPS Printing/SAMBA File Share/CCTV Monitor/MSMTP/Backup/Pi-Hole/Unbound DNS/Clam Anti-Virus 





1. Edit the website index file 
sudo nano /var/www/html/pihole/index.php 


2. Find and change the following section to include the following 
HHHHHH HH HH 


<p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p> 
<br> 


x fH ( 


<a href='http://192.168.0.2/admin' target='_blank'>Click Here for the Pi-Hole Admin Panel?</a> 


<br> 


<a href='http://192.168.0.6/admin' target='_blank'>Click Here for the Secondary Pi-Hole Admin 


Panel?</a> 





3.Save you settings 


4.Now visit your start webpage 
http://192.168.0.2 


Finished 


UNBOUND DNS SERVER 


Resources Guides: 

https://docs.pi-hole.net/guides/dns/unbound 
https://awesomeopensource.com/project/anudeepND/pihole-unbound 
https://docs.pi-hole.net/ftldns/dns-cache 
https://www.smarthomebeginner.com/pi-hole-setup-guide 


Notes: sudo apt remove unbound 


1. Run the Installer and reboot when done 
sudo apt install unbound 
sudo reboot 


2. Get the Root Hints 
weet https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints 


3. Edit the config file and modify it with the below settings 
sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf 





Save your settings 


4. Restart Unbound service 
sudo service unbound restart 


5. CHECK AND TEST SHOULD SHOW = NOERROR 
dig pi-hole.net @127.0.0.1 -p 5335 


6.CHECK AND TEST SHOULD SHOW = SERVEFAIL 
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 


7. CHECK AND TEST SHOULD SHOW = NOERROR 
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335 


8. In http://PI-HOLE/Admin go to Settings and set custom DNS to 


Pi-hole 


Status 
Active © Temp: 40.1°C 


Load: 0.23 0.23 0.26 
Memory usage: 15.3% 


@ Dashboard 


B Query Log 


@ Long-term data 

@ Whitelist 

© Blacklist 

#Ze Group Management 
@ Disable 

Ba Tools 

% Settings 


B& Local DNS 





System Adlists DNS DHCP 


Upstream DNS Servers 


IPv4 IPv6é Name 


Google (ECS) 


OpenDNS (ECS, DNSSEC) 


Level3 


Comodo 


DNS.WATCH 


Quad9 (filtered, DNSSEC) 


Quad9 (unfiltered, no DNSSEC) 


Quads9 (filtered + ECS) 


API / Web interface Privacy 


hostname: Pi-hole 


Teleporter 


Upstream DNS Servers 







Custom 1 (IPv4) 


127.0.0.1#5335 


Custom 2 (IPv4) 







Custom 3 (IPv6) Custom 4 (IPv6) 


Interface listening behavior 


Listen on all interfaces 
Allows only queries from devices that are at most one hop away (local 
devices) 

@ Listen only on interface etho 


Listen on all interfaces, permit all origins 


Note that the last option should not be used on devices which are directly 


connected to the Internet. This option is safe if your Pi-hole is located within 
your local network, i.e. protected behind your router, and you have not 
forwarded port 53 to this device. In virtually all other cases you have to make 
sure that your Pi-hole is properly firewalled. 


P Donate Cloudflare 


@ Documentation 

ECS (Extended Client Subnet) defines a mechanism for recursive resolvers to 
send partial client IP address information to authoritative DNS name servers. 
Content Delivery Networks (CDNs) and latency-sensitive services use this to 





9. Run the next to Fix the DNS and Resolve 

sudo systemctl status unbound-resolvconf.service (press q to exit) 
sudo systemctl disable unbound-resolvconf.service 

sudo systemctl stop unbound-resolvconf.service 

sudo systemctl restart dhcpcd 


9. Check if the local system uses correct DNS 
cat /etc/resolv.conf 


10. Disabling Pi Hole caching requires setting the cache size to 0 in (was 10000) 
sudo nano /etc/dnsmasq.d/01-pihole.conf 





11. Restart the UNBOUND Service 
sudo service unbound restart 


12. Create a Script to update all the PI-HOLE lists every week for changes and DNS root hints. 
sudo nano /usr/local/sbin/update-all-list.sh 





13.Make the file executable 
sudo chmod +x /usr/local/sbin/update-all-list.sh 


14. Create a CRONTAB to run the Script 
sudo crontab -u pi -e 





15. Restart the CronTab service 
sudo service cron restart 


16. OPTIONAL: Open RaspAP if you installed it and check the DHCP DNS is set to 192.168.0.2 


} CA Notsecure | 192.168.0.2:8082/dhcpd_conf 


Enable this option if you want RaspAP to assign IP addresses to clients on the selected interface. A static 


IP address is required for this option 


Starting IP Address 
Ending IP Address 
Lease Time Interval 
Hour(s) 
DNS Server 1 
192.168.0.4 


DNS Server 2 


Metric 


Information provided by Dnsmasq 


17. OPTIONAL: Change your router DHCP to use the local DNS server 


DHCP Server Settings 














Enable DHCP Server (} 

Start IP Address 192.168.0.10 ? 
End IP Address 192.168.0.254 ? 
Lease Time 3600 ? 
Domain Name ? 

DNS Override 

Enable DNS Override ? 

Primary DNS Server IP 192.168.0.6 | @ 
Secondary DNS Server IP 0.0.0.0 | @ 
Tertiary DNS Server IP [0.0.0.0 | ? 





Finished 





DISASTER RECOVER (WHEN YOUR USB DIES) 


Resources Guides: 
https://www.aomeitech.com/aomei-backupper.html 


Notes: You should have a spare USB on standby or at very least backed up your installation USB, this will 
allow you to restore to another USB. 


WARNING: BEFORE RESTORING YOUR USB DRIVE, MAKE SURE YOU HAVE DOWNLOADED ALL THE 
FILES FROM YOUR GOOGLE BACKUP GDRIVE AND PUT IN A SAFE LOCATION TO RESTORE LATER. IF 
YOU SYNC An EMPTY BACKUP, YOU WILL LOOSE ALL YOUR GDRIVE DATA! 


1.Get Free AOMEI Backupper Software 
https://www.aomeitech.com/aomei-backupper.html 


For Windows PC 


Windows 10, 8.1, 8, 7, Vista, XP. 








| FREE 
AOMEI Backupper Standard AOMEI 


> Freeware 


>» For home use 





Download Freeware P 


113.76 MB | v6.4 


2.After you have installed run the program and click on BACKUP and select DISK BACKUP 


AOMEI Backupper Standard 


AOMEI OneKey Recovery 





3.Click ADD DISK 


AOMEI Backupper Standard 


Disk Backup 
S e: Disk Backup 74 


= 


ee? 
wh 


% Options @ Schedule —] Scheme 





4.Select the USB DRIVE and CLICK ADD 


AOMEI Backupper Standard 


— 


Select Disk 


“> Disk1 
Basic MBR 
465. 76GB 


Restore 


e 


Disk Backup 
T Disk Backup #4 





*. a 
50.C  232.34GB Ntfs 


EEE 
D: 500GB 
465. 76GB Ntfs 


% Options @ Schedule EH Scheme 


AOMEI Backupper Standard 
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6.The USB will now be backed up and you can restore another USB for Disaster Recovery 
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In order for us not to get mixed up with the USB drives | will format and relabel the USB(OPTIONAL) 
1.0pen Computer Manager and then click on DISK MANAGEMENT (or type this in the win search bar) 
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2.Right Click on the USB Drive you wish to format and click format 
You will get a message that all the data will be destroyed. Make sure this is the correct USB or drive 
before you click YES 
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3.Change the Label to CLONE and select FAT32 and click OK and again OK 
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4.When done you should now have a USB called CLONE 
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7.Select the DESTINATION DISK we named CLONE 
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8.Click on OK if you selected the correct disks or you will lose data 


AOMEI Backupper 4 


After perform the operation, the existing partitions on the destination disk will 
be overwritten or deleted, so we suggest you to backup them firstly if there 
are some important data on the destination disk. Are you sure to continue the 
operation? 


9.Click on START CLONE 
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Operation Summary 


_> Source Disk > Destination Disk 


Disk: 3 : Disk: 2 
Disk Size: 28.82GB Disk Size: 28.82GB 





10.The CLONE process will now start and when finished you will have a CLONED DISASTER RECOVERY 
USB spare for when things go wrong. 


SETTING UP RASPBERRY Pl ON A SSD CARD 


Resources Guides: 


Notes: 


1. Download the Raspberry Pi Imager 
https://www.raspberrypi.org/%20downloads 


2. Click Choose OS 
Select Raspberry Pi OS (Other) 
Select Raspberry Pi OS Lite (32Bit) 


3. Click CHOOSE SD CARD 
Select your SD card 


4. Click WRITE 
You will be prompted all data will be destroyed 


5. Click YES 
When done insert you SD card into your Pi 


6. Connect you Pi Zero with keyboard and Monitor , Power On and login 
Username pi and password raspberry 


7. Edit the dhcpca.conf file and enter a static IP for your network 
sudo vi etc/dhcpcd.conf 





8. Run the following command to configure you Pi 
sudo raspi-config 


* Expand SD Card 








* Enable SSH 





* You can also connect to your WIFI Network here if you are not using ethO 





9. Reboot the system 


10.Dont forget to make a backup of your SD card when done 
AOMEI Backupper Software 


11.Download and install Putty on your workstation and connect to your system <ipaddress>:22 
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html| 


Finished 


Eee ea ES 
OTHER TOPICS NOT COVERED IN THIS BOOK 


KODI 
https://kodi.wiki/view/HOW-TO:Install Kodi on Raspberry Pi 


OSMC 
https://www.maketecheasier.com/install-osmc-on-raspberry-pi 


MAILSERVER POSTFIX 
https://raspberrytips.com/mail-server-raspberry-pi 


KALI LINUX PI 
https://pimylifeup.com/raspberry-pi-kali-linux 


RASPBERRY PI LTE INTERNET MODEM 
https://www.raspberrypi.org/forums/viewtopic. php ?t=210724 


RASPBERRY PI USB NAS SERVER 





RASPBERRY PI WEBSERVER 
https://www.raspberrypi.org/documentation/remote-access/web-server/nginx.md 
https://www.howtoforge.com/how-to-install-osclass-with-nginx-on-ubuntu-1804 





INSTALLING SSL CERTIFICATES IN CUPS 
https://serverfault.com/questions/883918/https-ssl-not-working-with-cups 
https://letsencrypt.or 


RASPICAST (THIS WILL ONLY WORK ON A REAL PI DEVICE) 
https://www.instructables.com/Raspberry-Pi-As-Chromecast-Alternative-Raspicast 





https://play.google.com/store/apps/details ?id=at.huber.raspicast 
https://pimylifeup.com/raspberry-pi-chromecast 


RASPBERRY CAST (THIS WILL ONLY WORK ON A REAL PI DEVICE) 
https://github.com/vincelwt/RaspberryCast 
https://www.circuitstoday.com/raspberry-pi-music-player 


SETTING UP WIFI ON A RASPBERRY PI COMMAND LINE 





BONUS MATERIAL INSTALLING KODI (TV) 
WARNING NOT TESTED = STILL UNDER REVIEW | WOULD RECOMMEND A HDD AND NOTA SD OR USB 


Resources Guides: 
https://www.linuxbabe.com/desktop-linux/install-kodi-debian-8-ubuntu 
http://iwearshorts.com/blog/raspberry-pi-setting-up-your-audio 
https://github.com/iptv-org/iptv 
https://discourse.pi-hole.net/t/host-website-alongside-pi-hole-interface/31832 








Notes: Building your system as a media center TV 
sudo alsamixer 

sudo nano /boot/firmware/config.txt 

aplay /usr/share/sounds/alsa/Noise.wav 

sudo nano /boot/firmware/config.txt 

sudo nano /etc/lighttpd/lighttpd.conf 

sudo systemctl restart kodi sudo systemctl restart kodi 


WARNING: IF YOU HAVE CLAM AV SCANNING IT WILL GRIND YOUR SYSTEM TO A HALT WITH USB 


1. First make sure your sound is working. | found my sound was muted. The easy way of checking is to 
go to your Desktop and clicking on the volume button on the top right. 


2.If you selected command line then enable the desktop from raspi-config when done disable it again. 
sudo raspi-config 


Select 1 
Select 5 





Raspberry Pi Software Configuration Tool (raspi-config) 


S1 Wireless LAN Enter SSID and passphrase 
S3 Password Change password for the 'pi' user 
Hi Set name for this co te 








3.Once you have done this and still no sound install alsa-utils 
sudo apt-get install alsa-utils 


4.For my Dell Wyse | needed to enable the front sound port as the HDMI is disabled 
echo 'pcm.!default front:SB’ > ~/.asoundrc 


5.Next edit the following file and added (You may need to find your driver mine was snd-hda-intel) 
cat /proc/asound/modules 


sudo nano /etc/modprobe.d/alsa-base.conf 





6.You can test the sound with the following to see if its working (may need a reboot) 
aplay /usr/share/sounds/alsa/Noise.wav 


7. Next install the new version of Kodi and get the missing PVR parts we do the next. Add the following 
line to the bottom of the sources.list. 


sudo nano /etc/apt/sources.|list 





8.We then follow the next 


echo "deb http://pipplware.pplware.pt/pipplware/dists/buster/main/binary /" > 
/etc/apt/sources.list.d/pipS 


weet -q -O- http://pipplware.pplware.pt/pipplware/key.asc | apt-key add - 


9.We then update the system 
sudo apt-get update && sudo apt-get dist-upgrade -y 


10.Install KODI and the Suggested Addons and Codecs: (THIS WILL BE KODI MATRIX) 


sudo apt-get install -—install-suggests kodi 


11.Install PVR clients: 
sudo apt-get install kodi-pvr-mythtv 


12.Install IPTV Simple: 
sudo apt-get install kodi-pvr-iptvsimple 


13.Install AirPlay functionality: 
sudo apt-get install shairplay 


14.The reason we disable the desktop is to run Kodi as a service, install the next (Desktop Disabled) 
sudo apt install xinit xterm xserver-xorg-video-fbdev libvdpau-va-gl1 


15.Next we create the following file and enter the following 
sudo nano /etc/systemd/system/kodi.service 


16.We now enable the service so Kodi always starts when rebooted 
sudo systemctl enable kodi 


17.Reboot your system 
sudo shutdown -r now 


18.Kodi ports need to be enabled on our firewall (Note: CCTV monitor uses 8080 if problems) 


Run the following one at a time, exclude the hash and after. 


sudo ufw allow 1900 #DLNA 

sudo ufw allow 1084 #KODI 

sudo ufw allow 1308 #KODI 

sudo ufw allow 1131 #KODI 

sudo ufw allow 9090 #KODI IPV6 
sudo ufw allow 9777 #KODI udp IPV6 
sudo ufw allow 12374 #KODI udp IPV6 


1. Next we need to work on the Kodi System and enter the PVR data 


Enter the following URL and HIT OK when done 

http://my.iptv/index.m3u 

or what ever list you use, this is for cctv webcam, there is a m3u merge app you can use. 
https://www.matthuisman.nz/2019/02/iptv-merge-kodi-add-on.html 





also some other sections in SETTINGS 





2. Next you want to download the remote for your Android APP on the GOOLE PLAY STORE 


YATSE 





.leetzone.android.yatsewidgetfree&hl=en&gl=US 


Kodi Remote control 





https://play.google.com/store/apps/details ?id=org.xbmc.kore&hl=en&gl=US 





3. If you have over scan issues on your TV it may be that your TV is not set for full screen. 


SETTING YOUR CCTV WEBCAM TO WORK ON KODI (Intranet) 


1.Make a directory in you share to hold your m3u files 
sudo mkdir -m 1777 /share/iptv 


2.Change your directory to the new folder 
cd /share/iptv 


3.Change the owner of the folder 
sudo chown www-data:www-data /share/iptv 


4.Run the following to enable the webserver to function with pi-hole 


sudo lighty-enable-mod simple-vhost 
sudo service lighttpd force-reload 


5.Create a simple webpage on our webservers root folder 


sudo nano /share/iptv/index.html 





6.Save settings 


7.Now enter the following details in the external.conf file 
sudo nano /etc/lighttpd/external.conf 


ee 








8.We now can test our settings are correct. 
lighttpd -t -f /etc/lighttpod/external.conf 


9.Restart the lighthttpd service 
sudo systemctl restart lighttpd 


10.Now we need to setup a DNS record to point our internal workstations to our webserver. 


In Pi-Hole set the DNS record domain my. iptv and ip 192.168.0.2 


Pi-hole 
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Local DNS Records 


On this page, you can add domain/IP associations 


Add a new domain/IP combination 


Domain: IP Address: 


my. iptv 


List of local DNS domains 


Domain 1k Pp Action 


my.iptv 192,168,0.2 





12. We now want to create a m3u list and add our CCTV to it 
sudo nano /share/iptv/index.m3u 





13.The PI-HOLE will not see the webserver for any reason you can add it to the host file 


sudo nano /etc/hosts 





14.Save settings 


15.Change permission so you can edit the file in the share from other workstations 
sudo chmod o+rw /share/iptv/index.htm! 
sudo chmod o+rw /share/iptv/index.m3u 


16.Since we want the CCTV on permanently in this case we remove some lines from crontab, 
notification still run at night 
sudo crontab -u pi -e 





17.Save your changes, this will keep the motion camera service running 24/7 it will capture movement 
but the notification settings still only run at the desired time. 


15.You should now Reboot the system and check once loaded if KODI sees your CCTV 
sudo reboot 


DONE 


